Mobile Device Protection

no@spam.com (Michael Feldbauer) — Fri, 09 Dec 2016 11:30:00 ACST

Mobile apps are often the cause of unintentional data leakage, for example, “riskware” apps pose a real problem for mobile users, who give them sweeping permissions, but don’t always check security. These are typically free apps found in official app stores that perform as advertised, but also send personal—and potentially corporate—data to a remote server, where it is mined by advertisers or even cybercriminals.

Data leakage can also happen through hostile enterprise-signed mobile apps. Here, mobile malware uses distribution code native to popular mobile operating systems like iOS and Android to spread valuable data across corporate networks without raising red flags. To avoiding this problem. only give apps permissions they absolutely insist on, and forgo any program that asks for more than necessary.

Since mobile devices are always powered-on they represent the front lines of any phishing attack. Mobile users are more vulnerable, since they are often the first to receive legitimate-seeming emails and take the bait. Desktop users who only check their email once a day or every other day are often warned off by news sites or security bulletins before clicking through. Email monitoring is crucial. Never click on unfamiliar email links. On a smaller mobile screen, they can be even harder to verify. Always enter URLs manually to be as safe as possible.

Many applications from the Android PlayStore are unchecked for malicious code and can be used to capture your secure data, we have even seen in the past 6 months and attack on users where their phone service provider was changed away from Telstra, they received text messages that they followed which installed another app on the phone. 24 hours later their bank accounts were drained and Westpac & NT Police began an investigation into the hack. This is an extreme case however the users did not have any virus protection and did not read what they were clicking on in the text messages they received.

The moral of the story is purchase and install Virus Protection on your mobile devices, we sell and support Webroot for a monthly fee. For more information contact Territory Technology Solutions on 08 8944 2222.

Since mobile devices are always powered-on they represent the front lines of any phishing attack. According to CSO, mobile users are more vulnerable, since they are often the first to receive legitimate-seeming emails and take the bait. Desktop users who only check their email once a day or every other day are often warned off by news sites or security bulletins before clicking through. Email monitoring is crucial. Never click on unfamiliar email links. On a smaller mobile screen, they can be even harder to verify. Always enter URLs manually to be as safe as possible

iOS Security

no@spam.com (Michael Feldbauer) — Fri, 09 Dec 2016 11:00:00 ACST

Why security matters
Just because almost all mobile malware targets Android doesn’t mean iPhone users can be complacent.

Quite the reverse:

We need to be even more alert in case attackers use complacency against us. What follows are a few simple tips to help you secure your iPhone (and iPad).

There is no way to deny that iPhones are in the ascendant, particularly in enterprise IT. Beyond business, you’ll see them used by educators, doctors, police and politicians and in each one of those cases the information on those smartphones is confidential and must not be abused.

Security is mandatory. Fortunately, Apple works really hard to balance security with usability

Secure yourself
So, what’s the weakest point in mobile device security? Sadly, it’s you. From tapping links in phony emails to accessing confidential password-protected information using open public Wi-Fi hotspots to simply using the same password everywhere: All these common flaws contribute to your security weakness. If you want to secure your mobile devices, then you should start with good security habits:

- Avoid clicking links from people you don’t know.
- Never download/install software unless you know where it is from.
- Use strong passwords, and use different passwords for each site
- Use two-step verification everywhere.
- Use Private Browsing when visiting websites.
- Use a disposable email address to sign up for services, websites and the like
- Never access a confidential service (such as your enterprise intranet or online bank) over public Wi-Fi.
- Now let’s take a closer look at some of the many other ways you can secure your iPhone/iPad life.

Security updates
Apple watches security on its devices closely. For example, when the first zero-day exploit aimed at iOS was identified in 2016, Apple issued a security update to patch the problem within a few days. If you care about your device security you must absolutely ensure you install all the latest iOS upgrades. (Android users may want to look away at this point, as they have nothing like as much protection).

Passcodes: the most important security you have
The passcode is the single most important security protection you have on your device. If you want to be secure you absolutely must use a passcode.

Do you use any of these as your passcode?

123456
password
12345678
These were the three most commonly used passwords in 2016. That’s why they are among the first passcodes people use if they want to unlock your device without your permission.

A report claims it would take a computer an estimated 72-years to hack into a 6-digit alphanumeric passcode, or an estimated 7-minutes to get through a 4-digit numeric code. It would take a human 2,700 years to get through a 6-digit alphanumeric passcode.

You must use a stronger passcode.

What you have to understand is that at Apple, the passcode is still the most important part of your iOS security set-up.

Face ID and Touch ID are good, but they exist for your convenience more than anything else. Both biometric authorization methods depend on you using a unique and hard to break passcode. That’s why you are asked for your passcode when you restart your device, or an Apple Pay transaction fails to recognise your fingerprint, or when the device is left unused for a day or two.

One good way to create a tough password is to make a memorable sentence, such as “The Quick Brown Fox Jumps over the lazy dogs” and then use the second letter from each word (with punctuation) as you code: ihaovly2i,m.

The best way to protect your device is to use an alphanumeric code. To create one you must open Settings>Touch ID & Passcode, and select Change Passcode.

You’ll be asked to enter your existing passcode and then asked to enter a new one. Don’t enter a new one. Instead, tap the words Passcode Options at the bottom of the screen, Now you can create a rock solid alphanumeric code.

Face ID, Touch ID
Apple claims that Face ID is more secure than the fingerprint-based Touch ID. It says there is only a one in a million chance a random person could unlock your iPhone by looking at it using Face ID, compared with a one in 50,000 probability when using Touch ID.

“FaceID makes using a longer, more complex passcode far more practical because you don’t need to enter it as frequently,” Apple said in a security white paper.

What we’re saying is that while you can use these as a convenience, you should always ensure your passcode remains your primary security protection.

Turn on Two-factor authentication
Open Password & Security in Settings and turn on 2-factor authentication. Once it is enabled you'll need to provide two pieces of information (your password and the six-digit verification code) when attempting to sign in to your Apple ID on a new device.

You must also set a Trusted Phone Number here. This is a number that can be used to receive verification codes by text message or automated phone call.

It’s good practice to verify a few numbers here, your home number and that of a trusted third party, for example. You can then use those numbers to get the code to enter your own device if you need to do so.

Set up erase data
What happens if someone tries to open your iPhone? Unless you set this protection up they will be able to try and keep trying until they break in. The Erase data feature is available in Settings>Touch ID & Passcode screen.

Set the Erase Data toggle to green and all the data on your iPhone will be erased after 10 failed passcode attempts. That’s not such great news if you forget your passcode, (though you do backup, right?) but fantastic if someone’s trying to break into your phone to pillage the device for everything it can find out.

Some food for thought.

ICT Insight | Darwin Blog - Articles - Mobile Devices

Mobile Device Protection

iOS Security